1. 16 Jan, 2020 1 commit
    • Leszek Swirski's avatar
      [offthread] Add OffThreadFactory support to AST strings · bcbb553d
      Leszek Swirski authored
      Add support for internalizing an AstValueFactory using the off-thread
      factory. Includes adding ConsString support to OffThreadFactory.
      
      This introduces a Handle union wrapper, which is used in locations that
      can store a Handle or an OffThreadHandle. This is used in this patch for
      the internalized "string" field of AST strings, and will be able to be
      used for other similar fields in other classes (e.g. the ScopeInfo
      handle in Scope, object boilerplate descriptor handles, the inferred
      name handle on FunctionLiterals, etc.). It has a Factory-templated
      getter which returns the appropriate handle for the factory, and a
      debug-only tag to make sure the right getter is used at runtime. This
      union wrapper currently decomposes implicitly to a Handle if the getter
      is not called, to minimise code changes, but this implicit conversion
      will likely be removed for clarity.
      
      Bug: chromium:1011762
      Change-Id: I5dd3a7bbdc483b66f5ff687e0079c545b636dc13
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993971
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65816}
      bcbb553d
  2. 15 Jan, 2020 1 commit
    • Leszek Swirski's avatar
      [offthread] Add OffThreadFactory · e659917a
      Leszek Swirski authored
      Introduce OffThreadFactory with initial string construction support.
      
      The OffThreadFactory shares with Factory a new CRTP base class, called
      FactoryBase. Methods in FactoryBase return a FactoryHandle<Factory, T>
      alias, which is Handle<T> for normal Factory and a new OffThreadHandle<T>
      for OffThreadFactory. OffThreadHandle<T> behaves like Handle<T>, except
      it stores the object in-line rather than needing external storage.
      
      Any shared factory methods are moved into FactoryBase, which uses CRTP
      to call the sub-class's AllocateRaw method (plus a few more customization
      points which need Isolate access on the main thread).
      
      Methods that used to take an Isolate or Factory, and are needed off the
      main thread, are now expected to be templated on the factory type and
      to use the appropriate handle.
      
      Once an OffThreadFactory has finished being used (e.g. off-thread
      compilation completed) its pages are "Published" into the main-thread
      Heap. To deal with string internalization without creating a bunch of
      ThinStrings, this is done in two stages:
      
        1. 'FinishOffThread': The off-thread pages are walked to
           collect all slots pointing to "internalized" strings. After this is
           called it is invalid to allocate any more objects with the factory.
        2. 'Publish': On the main thread, we transform these slots into
           <Handle to holder, offset> pairs, then for each saved slot
           re-internalize its string and update the slot to point to the
           internalized string.
      
      Bug: chromium:1011762
      Change-Id: I008a694da3c357de34362bd86fe7e1f46b535d5e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992434
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#65787}
      e659917a
  3. 08 Jul, 2019 1 commit
    • Peter Marshall's avatar
      [tracing] Use the new perfetto client API · edd383fb
      Peter Marshall authored
      The client API provides a much simpler interface so that we don't have
      to deal with producers, consumers etc. directly. This CL removes all the
      code that dealt with the more complex API used previously.
      
      The architecture used here requires that the embedder call into
      Tracing::Initialize() to set up the tracing backend. The tracing
      controller then connects to this backend when calling
      DataSource::Register() and Tracing::NewTrace(). This will ultimately
      avoid the need for a virtual call (or two) for every trace event that
      need to be dispatched over the API - chrome can provide a backend
      and V8 will connect to it opaquely with the same code when tracing is
      enabled.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
      Bug: v8:8339
      Change-Id: I6b74fbb49ffcc89638caeb59ed3d5cc81238f3e8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1634916Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Peter Marshall <petermarshall@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62568}
      edd383fb
  4. 18 Jun, 2019 1 commit
  5. 06 Jun, 2019 1 commit
  6. 02 May, 2019 1 commit
    • Maciej Goszczycki's avatar
      Reland "[heap] Skip ro-space from heap iterators, add CombinedHeapIterator." · 9c062093
      Maciej Goszczycki authored
      Code relocation info is now always allocated in old-space. Before relocation
      info allocated for placeholders and builtins (which get replaced with
      trampolines in nosnap builds) would become unreachable. Since read-only space
      is not GCed and ReadOnlyHeapIterator doesn't check for reachability,
      ValidateSnapshot would fail finding unreachable objects returned by
      ReadOnlyHeapIterator.
      
      Because trampoline relocation info gets replaced with canonical one, this only
      affects no-embdded-builtins nosnap builds, which don't get much benefit from
      read-only relocation info anyway.
      
      A new check has been added to the read-only deserializer to verify that every
      read-only object is reachable at mksnapshot-time.
      
      The CombinedHeapIterator iteration order was changed to iterate over
      read-only space first, because that's how HeapIterator worked.
      
      This is a reland of 3d1d8eae
      
      Original change's description:
      > [heap] Skip ro-space from heap iterators, add CombinedHeapIterator.
      >
      > Read-only space sharing requires an iterator independent of heap. This
      > also enables future removal of read-only space from heap.
      >
      > Bug: v8:7464
      > Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795
      > Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Dan Elphick <delphick@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#60819}
      
      Bug: v8:7464
      Change-Id: I49ae070955b77956962334a84f762ab29052d5ff
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566513Reviewed-by: 's avatarDan Elphick <delphick@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
      Cr-Commit-Position: refs/heads/master@{#61185}
      9c062093
  7. 12 Apr, 2019 2 commits
  8. 28 Feb, 2019 1 commit
  9. 29 Jan, 2019 1 commit
    • Michael Lippautz's avatar
      [api, global-handles] Add TracedGlobal · 76c93685
      Michael Lippautz authored
      TracedGlobal integrates with the use case of EmbedderHeapTracer and replaces
      regular weak Global or Persistent nodes for such cases. This allows to simplify
      the case for regular weak handles in a sense that they follow regular weak
      semantics (if the underlying object is otherwise unreachable the weak handle
      will be reset).
      
      TracedGlobal requires slightly different semantics in the sense that it can be
      required to keep them alive on Scavenge garbage collections because there's a
      transitive path that is only known when using the EmbedderHeapTracer.
      TracedGlobal accomodates that use case.
      
      TracedGlobal follows move semantics and can thus be used in regular std
      containers without wrapping data structure.
      
      The internal state uses 20% less memory and allows for only iterating those
      nodes when necessary. The design trades the virtual call when iterating
      interesting persistents in the GC prologue with calling out through the
      EmbedderHeapTracer for each node which is also a virtual call. There is one less
      iteration over the set of handles required though and the design is robust
      against recursive GCs that mutate the embedder state during the prologue
      callback.
      
      Bug: chromium:923361
      Change-Id: Idbacfbe4723cd12af9de21058a4792e51dc4df74
      Reviewed-on: https://chromium-review.googlesource.com/c/1425523
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#59183}
      76c93685
  10. 30 Oct, 2018 1 commit
  11. 26 Oct, 2018 1 commit
  12. 21 Sep, 2018 1 commit
  13. 10 Sep, 2018 1 commit
    • Dan Elphick's avatar
      [embedded handlers] Store the handlers without gaps · 5a9f0556
      Dan Elphick authored
      Previously the builtins table had a value for every single
      OperandScale/Bytecode combination regardless of whether it was valid.
      This change makes it so that only valid bytecode handlers are stored in
      the builtins table. This prevents placeholders being serialized into the
      snapshot (and embedded into the binary) saving 9KB in
      CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
      entries in the builtins table.
      
      To do this, it generates a new header file bytecodes-builtins-list.h
      which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
      Since list macros cannot be used to conditionally generate elements in
      the C-preprocessor, this is done by generator executable, compiled from
      interpreter/generate-flat-headers.cc.
      
      Additionally the generator creates the flat bytecode list so that it is
      transposed from the previous result, i.e. the results are grouped by
      bytecode and then operand scale rather than operand scale then bytecode.
      This should give better locality for commonly used bytecodes and may
      allow less commonly used ExtraWide bytecodes to never be mapped into
      memory at all.
      
      The cost to storing the handlers densely is that looking up a handler
      now requires a binary search through the builtins table, but this should
      only happen during debugging. It is also fixable at least for non-wide
      handlers and could be improved for wide ones if the need arises.
      
      Bug: v8:8068
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
      Reviewed-on: https://chromium-review.googlesource.com/1209304
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55757}
      5a9f0556
  14. 24 Aug, 2018 1 commit
  15. 27 Jul, 2018 1 commit
  16. 08 May, 2018 1 commit
  17. 09 Apr, 2018 1 commit
  18. 06 Apr, 2018 2 commits
    • Michael Achenbach's avatar
      Revert "[cleanup] Refactor the Factory" · 503e07c3
      Michael Achenbach authored
      This reverts commit f9a2e24b.
      
      Reason for revert: gc stress failures not all fixed by follow up.
      
      Original change's description:
      > [cleanup] Refactor the Factory
      > 
      > There is no good reason to have the meat of most objects' initialization
      > logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      > this CL changes the protocol between Heap and Factory to be AllocateRaw,
      > and all object initialization work after (possibly retried) successful
      > raw allocation happens in the Factory.
      > 
      > This saves about 20KB of binary size on x64.
      > 
      > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      > Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      > Reviewed-on: https://chromium-review.googlesource.com/959533
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52416}
      
      TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
      
      Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/999414Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52420}
      503e07c3
    • Jakob Kummerow's avatar
      [cleanup] Refactor the Factory · f9a2e24b
      Jakob Kummerow authored
      There is no good reason to have the meat of most objects' initialization
      logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      this CL changes the protocol between Heap and Factory to be AllocateRaw,
      and all object initialization work after (possibly retried) successful
      raw allocation happens in the Factory.
      
      This saves about 20KB of binary size on x64.
      
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      Reviewed-on: https://chromium-review.googlesource.com/959533
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52416}
      f9a2e24b
  19. 05 May, 2017 1 commit
  20. 07 Apr, 2017 1 commit
  21. 05 Apr, 2017 2 commits
    • kozyatinskiy's avatar
      Revert of [snapshot] Move builtins generation into mksnapshot (patchset #8... · ba9fc3d7
      kozyatinskiy authored
      Revert of [snapshot] Move builtins generation into mksnapshot (patchset #8 id:160001 of https://codereview.chromium.org/2760233005/ )
      
      Reason for revert:
      I think that this CL breaks chromium compilation on windows with clang (). All other CLs in the list looks trivial and don't change test/unittest/BUILD.gn.
      
      [42456/47924] CXX obj/v8/test/unittests/unittests/value-serializer-unittest.obj
      [42457/47924] LINK unittests.exe unittests.exe.pdb
      FAILED: unittests.exe unittests.exe.pdb
      E:/b/depot_tools/python276_bin/python.exe ../../build/toolchain/win/tool_wrapper.py link-wrapper environment.x64 False link.exe /nologo /OUT:./unittests.exe /PDB:./unittests.exe.pdb @./unittests.exe.rsp
      bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::AddAllocationObserver(class v8::internal::AllocationObserver *)" (?AddAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
      
      slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: void __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::Add(class v8::internal::AllocationObserver * const &,class v8::internal::FreeStoreAllocationPolicy)" (?Add@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAAXAEBQEAVAllocationObserver@23@VFreeStoreAllocationPolicy@23@@Z)
      
      bitmap-unittest.obj : error LNK2019: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z) referenced in function "public: virtual void __cdecl v8::internal::Space::RemoveAllocationObserver(class v8::internal::AllocationObserver *)" (?RemoveAllocationObserver@Space@internal@v8@@UEAAXPEAVAllocationObserver@23@@Z)
      
      slot-set-unittest.obj : error LNK2001: unresolved external symbol "public: bool __cdecl v8::internal::List<class v8::internal::AllocationObserver *,class v8::internal::FreeStoreAllocationPolicy>::RemoveElement(class v8::internal::AllocationObserver * const &)" (?RemoveElement@?$List@PEAVAllocationObserver@internal@v8@@VFreeStoreAllocationPolicy@23@@internal@v8@@QEAA_NAEBQEAVAllocationObserver@23@@Z)
      
      ./unittests.exe : fatal error LNK1120: 2 unresolved externals
      
      Original issue's description:
      > [snapshot] Move builtins generation into mksnapshot
      >
      > and out of the main library. This saves about 5% of binary size
      > (800KB on x64, 373KB on android_arm).
      >
      > Only the GN build is supported; the GYP build is maintained working
      > but does not support the feature.
      >
      > BUG=v8:6055
      > CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
      >
      > Review-Url: https://codereview.chromium.org/2760233005
      > Cr-Commit-Position: refs/heads/master@{#44412}
      > Committed: https://chromium.googlesource.com/v8/v8/+/4782bc0df89ceb127e38017b8dcf531222a0e966
      
      TBR=jgruber@chromium.org,rmcilroy@chromium.org,machenbach@chromium.org,jkummerow@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=v8:6055
      
      Review-Url: https://codereview.chromium.org/2803903002
      Cr-Commit-Position: refs/heads/master@{#44422}
      ba9fc3d7
    • jkummerow's avatar
      [snapshot] Move builtins generation into mksnapshot · 4782bc0d
      jkummerow authored
      and out of the main library. This saves about 5% of binary size
      (800KB on x64, 373KB on android_arm).
      
      Only the GN build is supported; the GYP build is maintained working
      but does not support the feature.
      
      BUG=v8:6055
      CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_nosnap_rel;
      
      Review-Url: https://codereview.chromium.org/2760233005
      Cr-Commit-Position: refs/heads/master@{#44412}
      4782bc0d
  22. 13 Mar, 2017 3 commits
    • eholk's avatar
      [wasm] Initial signal handler · 118c376f
      eholk authored
      This is basically the minimum viable signal handler for Wasm bounds checks.
      It includes the TLS check and the fine grained instructions checks. These
      two checks provide most of the safety for the signal handler. Future CLs will
      add code range and data range checks for more robustness.
      
      The trap handling code and data structures are all in src/trap-handler, with
      the code that actually runs in the signal handler confined to
      src/trap-handler/signal-handler.cc.
      
      This changes adds a new V8 API that the embedder should call from a signal
      handler that will give V8 the chance to handle the fault first. For hosts that
      do not want to implement their own signal handler, we include the option to
      install a simple one. This simple handler is also used for the tests.
      
      When a Wasm module is instantiated, information about each function is passed
      to the trap handler, which is used to classify faults. These are removed during
      the instance finalizer.
      
      Several future enhancements are planned before turning this on by default.
      Obviously, the additional checks will be added to MaybeHandleFault. We are
      also planning to add a two-level CodeObjectData table that is grouped by
      isolates to make cleanup easier and also reduce potential for contending on
      a single data structure.
      
      BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
      Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Original-Commit-Position: refs/heads/master@{#43755}
      Committed: https://chromium.googlesource.com/v8/v8/+/338622d7cae787a63cece1f2e79a8b030023940b
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Commit-Position: refs/heads/master@{#43759}
      118c376f
    • eholk's avatar
      Revert of [wasm] Initial signal handler (patchset #60 id:1170001 of... · aba151b9
      eholk authored
      Revert of [wasm] Initial signal handler (patchset #60 id:1170001 of https://codereview.chromium.org/2371833007/ )
      
      Reason for revert:
      ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
      
      Original issue's description:
      > [wasm] Initial signal handler
      >
      > This is basically the minimum viable signal handler for Wasm bounds checks.
      > It includes the TLS check and the fine grained instructions checks. These
      > two checks provide most of the safety for the signal handler. Future CLs will
      > add code range and data range checks for more robustness.
      >
      > The trap handling code and data structures are all in src/trap-handler, with
      > the code that actually runs in the signal handler confined to
      > src/trap-handler/signal-handler.cc.
      >
      > This changes adds a new V8 API that the embedder should call from a signal
      > handler that will give V8 the chance to handle the fault first. For hosts that
      > do not want to implement their own signal handler, we include the option to
      > install a simple one. This simple handler is also used for the tests.
      >
      > When a Wasm module is instantiated, information about each function is passed
      > to the trap handler, which is used to classify faults. These are removed during
      > the instance finalizer.
      >
      > Several future enhancements are planned before turning this on by default.
      > Obviously, the additional checks will be added to MaybeHandleFault. We are
      > also planning to add a two-level CodeObjectData table that is grouped by
      > isolates to make cleanup easier and also reduce potential for contending on
      > a single data structure.
      >
      > BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      >
      > Review-Url: https://codereview.chromium.org/2371833007
      > Cr-Original-Commit-Position: refs/heads/master@{#43523}
      > Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
      > Review-Url: https://codereview.chromium.org/2371833007
      > Cr-Commit-Position: refs/heads/master@{#43755}
      > Committed: https://chromium.googlesource.com/v8/v8/+/338622d7cae787a63cece1f2e79a8b030023940b
      
      TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      
      Review-Url: https://codereview.chromium.org/2744383002
      Cr-Commit-Position: refs/heads/master@{#43757}
      aba151b9
    • eholk's avatar
      [wasm] Initial signal handler · 338622d7
      eholk authored
      This is basically the minimum viable signal handler for Wasm bounds checks.
      It includes the TLS check and the fine grained instructions checks. These
      two checks provide most of the safety for the signal handler. Future CLs will
      add code range and data range checks for more robustness.
      
      The trap handling code and data structures are all in src/trap-handler, with
      the code that actually runs in the signal handler confined to
      src/trap-handler/signal-handler.cc.
      
      This changes adds a new V8 API that the embedder should call from a signal
      handler that will give V8 the chance to handle the fault first. For hosts that
      do not want to implement their own signal handler, we include the option to
      install a simple one. This simple handler is also used for the tests.
      
      When a Wasm module is instantiated, information about each function is passed
      to the trap handler, which is used to classify faults. These are removed during
      the instance finalizer.
      
      Several future enhancements are planned before turning this on by default.
      Obviously, the additional checks will be added to MaybeHandleFault. We are
      also planning to add a two-level CodeObjectData table that is grouped by
      isolates to make cleanup easier and also reduce potential for contending on
      a single data structure.
      
      BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Original-Commit-Position: refs/heads/master@{#43523}
      Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Commit-Position: refs/heads/master@{#43755}
      338622d7
  23. 01 Mar, 2017 2 commits
    • bmeurer's avatar
      Revert of [wasm] Initial signal handler (patchset #56 id:1090001 of... · 0b3e554e
      bmeurer authored
      Revert of [wasm] Initial signal handler (patchset #56 id:1090001 of https://codereview.chromium.org/2371833007/ )
      
      Reason for revert:
      Breaks tree, i.e. https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/18928/steps/Check/logs/grow-memory
      
      Original issue's description:
      > [wasm] Initial signal handler
      >
      > This is basically the minimum viable signal handler for Wasm bounds checks.
      > It includes the TLS check and the fine grained instructions checks. These
      > two checks provide most of the safety for the signal handler. Future CLs will
      > add code range and data range checks for more robustness.
      >
      > The trap handling code and data structures are all in src/trap-handler, with
      > the code that actually runs in the signal handler confined to
      > src/trap-handler/signal-handler.cc.
      >
      > This changes adds a new V8 API that the embedder should call from a signal
      > handler that will give V8 the chance to handle the fault first. For hosts that
      > do not want to implement their own signal handler, we include the option to
      > install a simple one. This simple handler is also used for the tests.
      >
      > When a Wasm module is instantiated, information about each function is passed
      > to the trap handler, which is used to classify faults. These are removed during
      > the instance finalizer.
      >
      > Several future enhancements are planned before turning this on by default.
      > Obviously, the additional checks will be added to MaybeHandleFault. We are
      > also planning to add a two-level CodeObjectData table that is grouped by
      > isolates to make cleanup easier and also reduce potential for contending on
      > a single data structure.
      >
      > BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      >
      > Review-Url: https://codereview.chromium.org/2371833007
      > Cr-Commit-Position: refs/heads/master@{#43523}
      > Committed: https://chromium.googlesource.com/v8/v8/+/a5af7fe9ee388a636675f4a6872b1d34fa7d1a7a
      
      TBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org,eholk@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      
      Review-Url: https://codereview.chromium.org/2723133003
      Cr-Commit-Position: refs/heads/master@{#43525}
      0b3e554e
    • eholk's avatar
      [wasm] Initial signal handler · a5af7fe9
      eholk authored
      This is basically the minimum viable signal handler for Wasm bounds checks.
      It includes the TLS check and the fine grained instructions checks. These
      two checks provide most of the safety for the signal handler. Future CLs will
      add code range and data range checks for more robustness.
      
      The trap handling code and data structures are all in src/trap-handler, with
      the code that actually runs in the signal handler confined to
      src/trap-handler/signal-handler.cc.
      
      This changes adds a new V8 API that the embedder should call from a signal
      handler that will give V8 the chance to handle the fault first. For hosts that
      do not want to implement their own signal handler, we include the option to
      install a simple one. This simple handler is also used for the tests.
      
      When a Wasm module is instantiated, information about each function is passed
      to the trap handler, which is used to classify faults. These are removed during
      the instance finalizer.
      
      Several future enhancements are planned before turning this on by default.
      Obviously, the additional checks will be added to MaybeHandleFault. We are
      also planning to add a two-level CodeObjectData table that is grouped by
      isolates to make cleanup easier and also reduce potential for contending on
      a single data structure.
      
      BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
      
      Review-Url: https://codereview.chromium.org/2371833007
      Cr-Commit-Position: refs/heads/master@{#43523}
      a5af7fe9
  24. 05 Dec, 2016 1 commit
  25. 29 Nov, 2016 3 commits
  26. 22 Nov, 2016 1 commit
    • leszeks's avatar
      [ignition] Replace branch+loop analysis with a single pass · 292c4a0a
      leszeks authored
      Now that we have a JumpLoop bytecode, we can heavily simplify the
      branch/loop analysis by assuming that only JumpLoop bytecodes are
      backwards edges, and performing the loop analysis as a single
      (backwards) pass.
      
      This allows us to get rid of the branch analysis entirely, and builds a
      framework to do liveness analysis in the same pass.
      
      Review-Url: https://codereview.chromium.org/2519983002
      Cr-Commit-Position: refs/heads/master@{#41194}
      292c4a0a
  27. 12 Oct, 2016 1 commit
  28. 03 Aug, 2016 1 commit
  29. 27 Jul, 2016 1 commit
  30. 26 Jul, 2016 2 commits
  31. 15 Jul, 2016 1 commit